In that /etc/ssl/certs directory, one can see loads of.
So I need the correct “local issuer certificate” (I created the “user’s” certificate) and I point to it in my configuration file with this line:

If you’d like to turn off curl’s verification of the certificate, use
Problem with the certificate (it might be expired, or the name might
The bundle, the certificate verification probably failed due to a
If this HTTPS server uses a certificate signed by a CA represented in
If the default
bundle file isn’t adequate, you can specify an alternate file
Of Certificate Authority (CA) public keys (CA certs).
Server CouchDB/2.2.0 (Erlang OTP/20) is not blacklisted
curl: (60) SSL certificate problem: unable to get local issuer certificate
curl performs SSL certificate verification by default, using a “bundle”
Server auth using Basic with user ‘admin’
Authorization: Basic YWRtaW46VUlWVnZsejZpMm1R
SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
issuer: C=US O=Let's Encrypt CN=Let's Encrypt Authority X3
SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Server hello (2):
Rebuilt URL to:
Hostname was NOT found in DNS cache

cacert_file = /etc/ssl/certs/ca-certificates.crt

curl -vsk
see a different response after this section:

Private keys obtained from Let’s Encrypt so making regular
18:43:49 [, acme: Obtaining bundled SAN certificate
18:43:50 AuthURL:
18:43:50 acme: Trying to solve TLS-ALPN-01
18:43:55 The server validated our request
18:43:55 accept tcp :443: use of closed network connection
18:43:55 [ acme: Trying to solve TLS-ALPN-01
18:44:01 [ The server validated our request
18:44:01 accept tcp :443: use of closed network connection
18:44:01 [, acme: Validations succeeded requesting certificates
18:44:02 Server responded with a certificate.
This
configuration directory will also contain certificates and
Your account credentials have been saved in your Let’s Encrypt
configuration directory at should make a secure backup of this folder now.

As I stated, I think the output looks

sudo lego -domains=“ ” -domains=“ -path="/etc/lego" run
18:43:46 No key found for account Generating a curve P384 EC key.
18:43:46 Saved key to
18:43:46 Please review the TOS at
18:43:49 acme: Registering account for
18:43:49 !!! HEADS UP !!!

I think the certificate creation is okay.
The couchdb instructions I refer to are at:

key_file = /opt/bitnami/couchdb/conf/server.key

The key and certificate are in the right place:

cert_file = /opt/bitnami/couchdb/conf/server.crt

So I noticed in the error at the start of my post showed:

Even if I uncomment that configuration line cacert_file = … I still get this in the error.

May be omitted if there is no need to verify the client and if there are not any intermediate CAs for the server certificate:

cacert_file = /etc/ssl/certs/ca-certificates.crt

Also the CAs are used in the list of acceptable client CAs passed to the client when a certificate is requested.
The CA certificates are used to build the server certificate chain, and for client authentication.
The path to a file containing PEM encoded CA certificates.

Whatever I put in this doesn’t seem to matter.
When I review instructions for couchdb v2.2.0 I see notes on the cacert_file variable.

This is a line in the configuration of the application couchdb.
This is where I think something is wrong:
Note I’m not on Apache or NGINX but bitnami server.

sudo lego -domains=“ ” -domains=“ -path="/etc/lego" run

All this is new to me and I’ve spent dozens of hours on it.
I haven’t had much luck so far with the Bitnami support so I thought I’d ask here where people understand SSL.

Unknown SSL protocol error in connection to 18.214.95.156:6984.